EP3345417A1 - Method to authenticate a subscriber in a local network - Google Patents

Method to authenticate a subscriber in a local network

Info

Publication number
EP3345417A1
Authority
EP
European Patent Office
Prior art keywords
local
subscriber
key
lnj
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP16736089.0A
Other languages
German (de)
French (fr)
Other versions
EP3345417B1 (en)
Inventor
Mireille Pauliac
Anne-Marie Praden
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SAS
Original Assignee
Gemalto SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

The present invention relates to a method to authenticate a subscriber (IMSIi) within a local network (LNj), comprising the preliminary steps of deriving a subscriber key (SMKi) into local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access, and provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj). When an authentication is required in a given local network (LNj), an UICC application derives a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj), the key derivation function (KDF) and the subscriber key (SMKi), and uses the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).

Description

METHOD TO AUTHENTICATE A SUBSCRIBER IN A LOCAL NETWORK
FIELD OF THE INVENTION
The present invention relates to a method to authenticate a subscriber within a local network, without requiring online communication between this local network and the home network of the subscriber.
A local network is defined as a network distinct from the home network in which the subscriber is registered.
The invention also pertains to an authentication center of a home subscriber server (HSS) hosted by a home operator and to an UICC application.
BACKGROUND OF THE INVENTION
3GPP addresses new scenarios where the operator's subscriber shall be authenticated within local E-UTRAN network (4G), without communication with the home network. The scenarios are for commercial use or for public safety, notably when the macro network is not available.
The operator has interest in keeping the control of the authentication of his subscriber within local networks. The subscriber should not be allowed to be authenticated within a local network deployed without agreement with the home operator of the subscriber.
Solutions to authenticate a subscriber within any local network that rely on one unique key shared between the home HSS, the UICC application and all the local networks may have a security issue if a local HSS is hosted in a less secure environment than the home HSS. In such a scenario, an attacker could have physical access to the local HSS and retrieve the unique key used to authenticate the subscriber. Consequently, the subscriber's authentication in all the other local networks using the same key would be compromised.
A synchronization issue may also exist: 3GPP authentication uses a Sequence Number (SQN) mechanism. Using the same SQN within different local networks that are not connected to each other, and so cannot synchronize, could end in de-synchronization of the UICC in some scenarios. Authentication could then fail and an additional process may be required.
Further alternative and advantageous solutions would, accordingly, be desirable in the art.
SUMMARY OF THE INVENTION
The present invention aims at proposing a novel scheme of authentication where no on-the-fly communication between the local and the home network occurs.
The present invention is defined, in its broadest sense, as a method comprising the preliminary steps of, for a home authentication center (AuC) of a home subscriber server (HSS) hosted in a home network:
- storing a subscriber key (Kmacro) per subscriber in the home authentication center, said home authentication center having a key derivation function (KDF) and said subscriber key being dedicated to the authentication of this subscriber within any local network having an agreement with the home operator,
- deriving the subscriber key in local keys, one local key for each local network the subscriber is authorized to access,
- provisioning each local network the subscriber is authorized to access with its own local key,
- provisioning an UICC application of the subscriber with the subscriber key and the key derivation function (KDF),
- provisioning the UICC application of the subscriber with an algorithm to perform local authentication,
said method further comprising the steps of, when an authentication is required in a given local network, for the UICC application:
- receiving a network identifier,
- deriving a local key in the UICC application of the subscriber using the network identifier of the local network, the key derivation function and the subscriber key,
- using the derived local key in the algorithm to perform local authentication in the local network.
This invention relies on the generation of local keys, both in the operator network and in the user equipment of the operator's subscriber, to perform AKA authentication of the subscriber within a local E-UTRAN network.
The home network sends a local key to any local E-UTRAN network where a subscriber is authorized to be present and could be authenticated locally thanks to AKA authentication. One local key is dedicated to only one local network.
The invention allows an operator to continue using the AKA algorithm to authenticate his subscribers within local networks. It thus allows the home operator to keep control within local networks. The authentication takes place only if the local authentication center AuC and the user equipment are provisioned with keys provided by the home operator. The use of local keys, each specific to only one local network, provides a high level of security. This feature is important in case a local authentication center AuC, including the one in the local HSS, is more vulnerable to attacks than a home authentication center AuC. If an attacker has access to one local authentication center AuC, the retrieved local keys could not be used for authentication within other local networks.
The invention also has the advantage of allowing local authentication based on symmetric keys. It further guarantees that UICC-based authentication will take place when the subscriber is within local networks, since AKA-based authentication shall be hosted in a UICC, while certificate-based solutions can be hosted in the terminal part of the user equipment.
The authentication method used in the local network, i.e. AKA authentication with AUTN, RAND, can be the standard one, and no modifications are needed either within the local network or in the UICC.
The UICC will only contain additional files or dedicated application to store the new subscriber key and all the derived local keys for all local networks. Associated OTA services are advantageously implemented to update the list of authorized local networks.
According to an advantageous feature, said method comprises, as a preliminary step, a step of, for the authentication center, provisioning the UICC application of the subscriber with a list of identifiers of local networks where the subscriber is authorized to access, and, when an authentication is required in a given local network, for the UICC application, a step of checking the presence of the local network's identifier in the list.
With this feature it is necessary for the UICC application to further contain the list of authorized local networks where the subscriber would be authorized to be present.
According to an advantageous implementation, once the local key is derived by the UICC application, the method further comprises the step of storing the local key for this local network and the step of checking the presence of a stored local key for the local network's identifier.
This feature avoids repeating the key derivation each time the UICC enters a local network.
According to a specific implementation, the authentication process using a sequence number mechanism, it further comprises the step of, for the authentication center and for the UICC application, while deriving local keys, associating a local array of sequence numbers to each derived local key.
Such an array of sequence numbers is typically associated to some standard authentication process. The invention is fully compatible with such standards.
The invention further relates to an authentication center of a home subscriber server hosted in a home network, said authentication center storing a subscriber key per subscriber application, said subscriber key being dedicated to the authentication of a subscriber within any local networks having an agreement with home network's operator, said authentication center having a key derivation function to derive the subscriber key in local keys, one for each local network the subscriber is authorized to access, said authentication center having provisioning resources to provision each local network the subscriber is authorized to access with its own local key, and to provision UICC of subscriber with own subscriber key, with key derivation function (KDF) and with an algorithm to perform local authentication.
Such an authentication center enables the implementation of the invention on the side of the home network.
The invention at last relates to an UICC application provided with a subscriber key, said subscriber key being dedicated to the authentication of a subscriber within any local networks having an agreement with the home network, a key derivation function (KDF) and an algorithm to perform local authentication, said UICC application being further adapted to receive a network identifier from a local network and to use this network identifier, the key derivation function and the subscriber key to derive a local key in the UICC application of the subscriber, the UICC application further being adapted to use the derived local key in the algorithm to perform local authentication in the local network.
Such an UICC application enables the implementation of the invention on the user equipment side.
To the accomplishment of the foregoing and related ends, one or more embodiments comprise the features hereinafter fully described and particularly pointed out in the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended to include all such aspects and their equivalents.
• Figure 1 represents the environment in which the invention is implemented;
• Figure 2 shows a functional diagram of the exchanges between entities according to the method of the invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
For a more complete understanding of the invention, the invention will now be described in detail with reference to the accompanying drawings. The detailed description will illustrate and describe what is considered as a preferred embodiment of the invention. It should of course be understood that various modifications and changes in form or detail could readily be made without departing from the spirit of the invention. It is therefore intended that the invention may not be limited to the exact form and detail shown and described herein, nor to anything less than the whole of the invention disclosed herein and as claimed hereinafter. The same elements have been designated with the same references in the different drawings. For clarity, only those elements and steps which are useful to the understanding of the present invention have been shown in the drawings and will be described.
Figure 1 schematically shows an environment comprising a home network HN and two local networks LN1 and LN2. Each of them has a respective home subscriber server HHSS, LHSS1 and LHSS2 and an authentication center HAuC, LAuC1, LAuC2. HSS are accessible for base stations in their corresponding local networks.
It is here noted that a user equipment UE consists of an UICC having UICC Application with IMSIi associated to the subscription of the user and a mobile equipment ME. IMSIi is an identifier of the subscriber for one specific UICC Application. If several UICC applications are present in the UICC, each UICC application can have a dedicated IMSI. Nothing prevents having several UICCs within a UE.
User equipments UEa and UEb respectively have IMSI1 in a UICC application and IMSI2 in UICC application, said IMSIi originating from home network HN. It is here further noted that reference "IMSI" is used to designate the identity of the subscriber according to the UMTS terminology. Any other kind of identity, such as IMPI (IMS) and others, is concerned. User equipments UEa and UEb are liable to enter into communication with base stations of local networks LNj, for example in a situation where the UEa and UEb can no longer communicate with the normal network. In such a situation, the subscriber needs to be authenticated within the local network LNj without any contact with the home operator.
For this purpose, the invention proposes that the authentication center HAuC of the home network HN stores preliminarily a subscriber key SMKi per subscriber i, and possibly a random value RANDi to be optionally used in the derivation function. Said subscriber key SMKi is dedicated to the authentication of the subscriber associated to the IMSIi in a UICC application within any local network having an agreement with the home operator HN.
According to the invention, the authentication center AuC has a key derivation function to derive local keys from the subscriber key SMK. A local key LKiLNj per local network LNj having an agreement with the home operator is thus obtained. This local key LKiLNj is then sent to the HSS of the concerned local network LNj as shown on figure 2 for local network LN1. A local key is sent for each subscriber i susceptible and authorized to enter in local network LNj. The local authentication center LAuCj stores all these local keys LKiLNj. In case of 3GPP AKA authentication, the AuC of the home HHSS sends to the local HSS LHSSj the array of Sequence Number (SQN) associated to each local key LK. It stores all these keys, one per subscriber and, in case of 3GPP AKA authentication, the local authentication center LAuC also contains the array of Sequence Number (SQN) associated to each local key LK.
The subscriber key SMKi, the derivation function KDF, an algorithm to perform local authentication, e.g. 3GPP AKA authentication (Milenage), and possibly the random value RANDi, are then provisioned at the UICC of the user equipment UEa, in an UICC application with IMSI1. This step ends the preliminary steps PrS of the invention, which necessitate dedicated communications with the UICC of the subscriber IMSIi when it is in the field of the home network. Further, the UICC application contains a list of local networks LNj where the subscriber i is authorized to be. The operator of the home network could update this list of authorized local networks when the UE with UICC containing the UICC application with IMSIi was or is again in the field of home network.
Then, when the local network LN1 initiates a mutual authentication with the UICC application with IMSI1 of the user equipment UEa in the local network, LN1 in figure 2, the user equipment UEa receives a local network identifier Id(LN1) that it provides to the UICC application with IMSI1, e.g. USIM.
When the identifier Id(LN1) is not in the list of authorized networks, the authentication fails. When the identifier Id(LN1) is in the list of authorized networks, selection of the corresponding local network key SMK1LN1 and the activation of the derivation function KDF to obtain the local key LK1LN1 for the identified local network LN1 are triggered.
The invention can be implemented in such a way that, if a local key has already been derived for the user equipment, the local HSS LHSS1 keeps the local key in memory. In this case, when the network is listed, the UICC application subsequently checks if a local key was previously calculated. In such a case, the derivation is not done again and the stored local key associated to the concerned network is used.
Otherwise, the derivation is in fact triggered. Each local key is specific per subscriber to one local network. The derivation of the local key is linked to the identity IMSI1 of the subscriber and the identity of the local network Id(LN1), thus:
LK1LN1 = KDF(SMK1, "local-aka", RAND1, IMSI1, Id(LN1)).
The obtained local key can be stored depending on the implementation. In case of AKA-based authentication, as specified by 3GPP, an array of Sequence Number (SQN) is associated to each local key LK.
The local key LK1LN1 is then used in secure authentication Aut(LK1LN1) with the LHSS1 of the local network LN1. AKA authentication is preferably used. According to the invention, the UICC application stores the following triplets:
Id(LNj), LK1LNj, SQNj for as many j as concerned networks.
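The provisioning and local authentication flow described above, as an added example that is not code from the patent. HMAC-SHA256 over length-prefixed fields stands in both for the KDF, which the description does not name, and for the AKA algorithm (it is not Milenage); all class and function names and the sample IMSI are hypothetical.

```python
import hashlib
import hmac
import os

def _tag(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so adjacent inputs (IMSI, Id(LN)) cannot run together.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def kdf(smk: bytes, rand_i: bytes, imsi: str, net_id: str) -> bytes:
    # LK = KDF(SMK, "local-aka", RAND, IMSI, Id(LN)); HMAC-SHA256 is an assumption.
    return _tag(smk, b"local-aka", rand_i, imsi.encode(), net_id.encode())

class LocalAuC:
    """Local authentication center: holds only the local keys of its own network."""
    def __init__(self, net_id):
        self.net_id, self.keys, self.sqn = net_id, {}, {}  # IMSI -> LK, IMSI -> SQN

    def challenge(self, imsi):
        sqn = self.sqn[imsi] = self.sqn.get(imsi, 0) + 1
        rand = os.urandom(16)
        mac = _tag(self.keys[imsi], b"net", rand, sqn.to_bytes(6, "big"))
        return self.net_id, rand, sqn, mac

    def verify(self, imsi, rand, sqn, res):
        want = _tag(self.keys[imsi], b"res", rand, sqn.to_bytes(6, "big"))
        return hmac.compare_digest(res, want)

class UiccApp:
    """UICC application: SMK, KDF, authorized list and (Id(LNj), LK, SQNj) triplets."""
    def __init__(self, imsi, smk, rand_i, authorized):
        self.imsi, self._smk, self._rand_i = imsi, smk, rand_i
        self.authorized = set(authorized)
        self.store = {}        # Id(LNj) -> [LK, last accepted SQN]
        self.derivations = 0   # counts KDF runs, to show the stored key is reused

    def local_key(self, net_id):
        if net_id not in self.authorized:
            raise PermissionError(f"{net_id} is not an authorized local network")
        if net_id not in self.store:   # derive once, then reuse the stored key
            self.derivations += 1
            self.store[net_id] = [kdf(self._smk, self._rand_i, self.imsi, net_id), 0]
        return self.store[net_id][0]

    def respond(self, net_id, rand, sqn, mac):
        lk = self.local_key(net_id)
        s = sqn.to_bytes(6, "big")
        if not hmac.compare_digest(mac, _tag(lk, b"net", rand, s)):
            raise ValueError("network authentication failed")
        if sqn <= self.store[net_id][1]:   # sequence numbers are tracked per network
            raise ValueError("stale sequence number")
        self.store[net_id][1] = sqn
        return _tag(lk, b"res", rand, s)

class HomeAuC:
    """Home authentication center: one SMK per subscriber, one LK per local network."""
    def __init__(self):
        self.subs = {}

    def enroll(self, imsi, authorized):
        smk, rand_i = os.urandom(32), os.urandom(16)
        self.subs[imsi] = (smk, rand_i, set(authorized))
        return UiccApp(imsi, smk, rand_i, authorized)

    def provision(self, net_id):
        lauc = LocalAuC(net_id)
        for imsi, (smk, rand_i, nets) in self.subs.items():
            if net_id in nets:
                lauc.keys[imsi] = kdf(smk, rand_i, imsi, net_id)
        return lauc

def authenticate(uicc, lauc):
    try:
        net_id, rand, sqn, mac = lauc.challenge(uicc.imsi)
        return lauc.verify(uicc.imsi, rand, sqn, uicc.respond(net_id, rand, sqn, mac))
    except (KeyError, PermissionError, ValueError):
        return False

def demo():
    imsi = "001010000000001"   # constructed test IMSI
    home = HomeAuC()
    uicc = home.enroll(imsi, ["LN1", "LN2"])
    ln1, ln2 = home.provision("LN1"), home.provision("LN2")
    out = {"ln1_ok": authenticate(uicc, ln1), "ln1_again": authenticate(uicc, ln1)}
    out["derivations"] = uicc.derivations   # second run reused the stored key
    ch = ln1.challenge(imsi)
    uicc.respond(*ch)
    try:   # the same challenge presented twice must be refused
        uicc.respond(*ch)
        out["replay_accepted"] = True
    except ValueError:
        out["replay_accepted"] = False
    # Isolation check: LN1's key placed in a node that announces Id(LN2).
    other = LocalAuC("LN2")
    other.keys[imsi] = ln1.keys[imsi]
    out["ln1_key_reused_as_ln2"] = authenticate(uicc, other)
    out["ln2_ok"] = authenticate(uicc, ln2)   # LN2 starts its own SQN at 1
    ln3 = LocalAuC("LN3")                     # not in the authorized list
    ln3.keys[imsi] = os.urandom(32)
    out["unlisted_ln3"] = authenticate(uicc, ln3)
    return out

if __name__ == "__main__":
    print(demo())
```

Because Id(LN) is an input to the derivation, the key held by one local authentication center fails the network check under any other identifier, and the per-network sequence number lets LN2 start counting independently of LN1.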
In the above detailed description, reference is made to the accompanying drawings that show, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. The above detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims, appropriately interpreted, along with the full range of equivalents to which the claims are entitled.

Claims

1. Method to authenticate a subscriber (IMSIi) within a local network (LNj) comprising the preliminary steps of, for a home authentication center (HAuC) of a home subscriber server (HHSS) hosted in a home network (HN):
- storing a subscriber key (SMKi) per subscriber (IMSIi) in the home authentication center (HAuC), said home authentication center (HAuC) having a key derivation function (KDF) and said subscriber key (SMKi) being dedicated to the authentication of this subscriber (IMSIi) within any local network (LNj) having an agreement with the home operator (HN),
- deriving the subscriber key (SMKi) in local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access,
- provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj),
- provisioning an UICC application of the subscriber (IMSIi) with the subscriber key (SMKi) and the key derivation function (KDF),
- provisioning the UICC application of the subscriber (IMSIi) with an algorithm to perform local authentication,
said method further comprising the steps of, when an authentication is required in a given local network (LNj), for the UICC application:
- receiving a network identifier (Id(LNj)),
- deriving a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj) of the local network, the key derivation function (KDF) and the subscriber key (SMKi),
- using the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).
2. Method according to claim 1, said method comprising, as a preliminary step, a step of, for the authentication center (HAuC), provisioning the UICC application of the subscriber (IMSIi) with a list of identifiers of local networks (Id(LNj)) where the subscriber (IMSIi) is authorized to access, and, when an authentication is required in a given local network (LNj), for the UICC application, a step of checking the presence of the local network's identifier (Id(LNj)) in the list.
3. Method according to one of claims 1 and 2, wherein, once the local key (LKiLNj) is derived by the UICC application, the method further comprises the step of storing the local key (LKiLNj) for this local network (LNj) and the step of checking the presence of a stored local key (LKiLNj) for the local network's identifier (Id(LNj)).
4. Method according to one of preceding claims, wherein, the authentication process using a sequence number mechanism, it further comprises the step of, for the authentication center (HAuC) and for the UICC application, while deriving local keys (LKiLNj), associating a local array of sequence numbers to each derived local key (LKiLNj).
5. Authentication center (HAuC) of a home subscriber server (HHSS) hosted in a home network (HN), said authentication center (HAuC) storing a subscriber key (SMKi) per subscriber application, said subscriber key (SMKi) being dedicated to the authentication of a subscriber (IMSIi) within any local networks (LNj) having an agreement with home network's operator, said authentication center (HAuC) having a key derivation function (KDF) to derive the subscriber key (SMKi) in local keys (LKiLNj), one for each local network (LNj) the subscriber (IMSIi) is authorized to access, said authentication center (HAuC) having provisioning resources to provision each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj), and to provision UICC application of subscriber (IMSIi) with own subscriber key (SMKi), with key derivation function (KDF) and with an algorithm to perform local authentication.
6. UICC application provided with a subscriber key (SMKi), said subscriber key (SMKi) being dedicated to the authentication of a subscriber (IMSIi) within any local networks (LNj) having an agreement with the home network (HN), a key derivation function (KDF) and an algorithm to perform local authentication,
said UICC application being further adapted to receive a network identifier (Id(LNj)) from a local network (LNj) and to use this network identifier (Id(LNj)), the key derivation function (KDF) and the subscriber key (SMKi) to derive a local key (LKi) in the UICC application of the subscriber (IMSIi), the UICC application further being adapted to use the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).
EP16736089.0A 2015-09-04 2016-07-05 Method to authenticate a subscriber in a local network Active EP3345417B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP15306361.5A EP3139649A1 (en) 2015-09-04 2015-09-04 Method to authenticate a subscriber in a local network
PCT/EP2016/065840 WO2017036638A1 (en) 2015-09-04 2016-07-05 Method to authenticate a subscriber in a local network

Publications (2)

Publication Number Publication Date
EP3345417A1 (en) 2018-07-11
EP3345417B1 (en) 2022-12-28

Family

ID=54151228

Family Applications (2)

Application Number Title Priority Date Filing Date
EP15306361.5A Withdrawn EP3139649A1 (en) 2015-09-04 2015-09-04 Method to authenticate a subscriber in a local network
EP16736089.0A Active EP3345417B1 (en) 2015-09-04 2016-07-05 Method to authenticate a subscriber in a local network

Country Status (7)

Country Link
US (1) US10965657B2 (en)
EP (2) EP3139649A1 (en)
JP (1) JP6591051B2 (en)
CN (2) CN107925878B (en)
ES (1) ES2936319T3 (en)
FI (1) FI3345417T3 (en)
WO (1) WO2017036638A1 (en)

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7231521B2 (en) * 2001-07-05 2007-06-12 Lucent Technologies Inc. Scheme for authentication and dynamic key exchange
FI20050384A0 (en) * 2005-04-14 2005-04-14 Nokia Corp Use of generic authentication architecture for distribution of Internet protocol keys in mobile terminals
US7787627B2 (en) * 2005-11-30 2010-08-31 Intel Corporation Methods and apparatus for providing a key management system for wireless communication networks
WO2007062689A1 (en) * 2005-12-01 2007-06-07 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for distributing keying information
EP1835688A1 (en) * 2006-03-16 2007-09-19 BRITISH TELECOMMUNICATIONS public limited company SIM based authentication
CA2653543A1 (en) * 2006-06-09 2007-12-13 Telefonaktiebolaget L M Ericsson (Publ) Access to services in a telecommunications network
PL2258126T3 (en) * 2008-04-02 2012-12-31 Nokia Solutions & Networks Oy Security for a non-3gpp access to an evolved packet system
US9385862B2 (en) * 2010-06-16 2016-07-05 Qualcomm Incorporated Method and apparatus for binding subscriber authentication and device authentication in communication systems
WO2011160674A1 (en) * 2010-06-21 2011-12-29 Nokia Siemens Networks Oy Method for establishing a secure and authorized connection between a smart card and a device in a network
CN101945386B (en) * 2010-09-10 2015-12-16 中兴通讯股份有限公司 A kind of method and system realizing safe key synchronous binding
GB2486461B (en) * 2010-12-15 2015-07-29 Vodafone Ip Licensing Ltd Key derivation
EP2656648B1 (en) * 2010-12-21 2018-05-09 Koninklijke KPN N.V. Operator-assisted key establishment
US9251315B2 (en) * 2011-12-09 2016-02-02 Verizon Patent And Licensing Inc. Security key management based on service packaging
US8983447B2 (en) * 2012-08-14 2015-03-17 Qualcomm Incorporated Methods, systems and devices for dynamic HPLMN configuration
EP2704466A1 (en) * 2012-09-03 2014-03-05 Alcatel Lucent Smart card personnalization with local generation of keys
US9693226B2 (en) * 2012-10-29 2017-06-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for securing a connection in a communications network
EP2979462B1 (en) * 2013-03-29 2019-05-22 Mobileum Inc. Method and system for facilitating lte roaming between home and visited operators
JP6708626B2 (en) * 2014-05-02 2020-06-10 コニンクリーケ・ケイピーエヌ・ナムローゼ・フェンノートシャップ Method and system for providing security from a wireless access network.

Also Published As

Publication number Publication date
CN107925878A (en) 2018-04-17
JP6591051B2 (en) 2019-10-16
WO2017036638A1 (en) 2017-03-09
EP3139649A1 (en) 2017-03-08
CN114866518A (en) 2022-08-05
FI3345417T3 (en) 2023-02-16
EP3345417B1 (en) 2022-12-28
CN107925878B (en) 2022-09-27
ES2936319T3 (en) 2023-03-16
JP2018533255A (en) 2018-11-08
US20180279123A1 (en) 2018-09-27
US10965657B2 (en) 2021-03-30

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20180404

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: THALES DIS FRANCE SA

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200318

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: THALES DIS FRANCE SAS

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602016077119

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04W0012060000

Ipc: H04L0009400000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 12/069 20210101ALI20220706BHEP

Ipc: H04W 12/041 20210101ALI20220706BHEP

Ipc: H04L 9/40 20220101AFI20220706BHEP

INTG Intention to grant announced

Effective date: 20220729

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602016077119

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1541157

Country of ref document: AT

Kind code of ref document: T

Effective date: 20230115

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: FP

REG Reference to a national code

Ref country code: SE

Ref legal event code: TRGR

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2936319

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20230316

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230328

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1541157

Country of ref document: AT

Kind code of ref document: T

Effective date: 20221228

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230329

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230502

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230428

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20230622

Year of fee payment: 8

Ref country code: IT

Payment date: 20230620

Year of fee payment: 8

Ref country code: FR

Payment date: 20230621

Year of fee payment: 8

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230428

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: SE

Payment date: 20230622

Year of fee payment: 8

Ref country code: FI

Payment date: 20230622

Year of fee payment: 8

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602016077119

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20230620

Year of fee payment: 8

Ref country code: ES

Payment date: 20230801

Year of fee payment: 8

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20230620

Year of fee payment: 8

26N No opposition filed

Effective date: 20230929

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20221228

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20230731

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230705

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230731